PocketVault Encryptor TM Secured by SPYRUS with Rosetta® Micro HSM FIPS 140-2 Level 3 Security Authentication, Encryption, Storage and Secure File Sharing for People on the Go The SPYRUS PocketVault Encryptor (PVE) introduces the latest version of the SPYRUS secure file encryption and file sharing product line. SPYRUS USB encryption devices were the world’s first to implement hardware-based file encryption and file sharing and this innovation is taken to new levels of performance and information assurance in the PVE by the incorporation of hardware-based Elliptic Curve Cryptography in the internal Rosetta Micro Hardware Security Modules. SPYRUS Rosetta technology is designed to work with PVE to securely store and share encrypted files anywhere. The Rosetta Micro ensures interoperability with other members of the SPYRUS family including the Rosetta USB, Rosetta microSDHC, WorkSafe, WorkSafe Pro, PocketVault, andP-3X security devices. Encrypt Files and Store Them Anywhere PVE file encryption protects each encrypted file with a unique key, no matter where it is stored, making it an ideal cloud solution. The SPYRUS PVE file encryption provides superior confidentiality through the use of Elliptic Curve Cryptography with key size of P-384 together with AES-256 symmetric encryption. Secure File Sharing PVE files can be shared with other PVE users whether encrypted files are stored on the SPYRUS WorkSafe Pro, P-3X, SharePoint, or in the Cloud. Each and every file is protected using a unique key that is encrypted (wrapped) with a key encryption key derived from the originators Rosetta Micro HSM along with each recipient’s public/ private key pair using an EC Diffie-Hellman key agreement. The file originator and receiver keys are conveyed in a PVE Sharing Certificate that is stored in a local PVE Contacts Folder. Secure Data Recovery PVE Recovery Agent was designed for organizations concerned about file data recovery if the PVE device is lost or stolen. The PVE secure file sharing architecture can be configured so that the backup PVE device can be defined as a Recovery Agent so that every file that is encrypted will automatically include the Recovery Agent’s PVE Sharing Certificate. Depending on policy, the Recovery Agent can optionally be set up to require two-person control and kept securely locked in a safe or a vault offsite. Rosetta Micro HSM PKI Security Features In addition to being the security engine for secure file sharing within the PVE, the Rosetta Micro HSM can also function as a PKI security device or smart card for additional functionality. Rosetta Micro HSM security functionality can safeguard a user’s Windows logon password and the private keys associated with digital certificates. The Rosetta Micro HSM is compatible with industry-standard protocols for secure S/MIME email systems, Webbased SSL/TLS with mutual authentication, Microsoft Data Access functions, as well as providing RSA and Elliptic Curve Cryptography digital signatures for eForms. Why is SPYRUS Secure File Encryption and Sharing Stronger? Hardware-based key management security sets SPYRUS apart from the competition. Why is this better? SPYRUS uses highly efficient processor with Elliptic Curve Cryptography in the Rosetta Micro HSM Keys are generated in the Rosetta Micro HSM and never revealed in the host or to a third party Cloud provider Access to Rosetta Micro HSM required two levels of authentication – something you have (the SPYRUS device with Rosetta Micro HSM) and something you know (the password to logon). The Rosetta Micro HSM is initially programmed at the factory to destroy the keys and prevent access to encrypted files after 10 incorrect password entries to prevent bruteforce attacks. This bad password default value can be changed by the PVE Administrator. Rosetta Micro HSM is a tamper-resistant FIPS 140-2 Level 3 hardware module with EAL5+ hardware security, specifically designed to protect keys from reverse engineering attacks Features and Benefits Encrypt and store data anywhere – in the Cloud, on the desktop, or on a SPYRUS WorkSafe Pro bootable Windows 8.1 live drive or P-3X encrypted storage drive. Exchange PVE Sharing Certificates to securely share files with other users in a workgroup. PVE keys are generated in the Rosetta Micro HSM device and never exported or escrowed after initialization of PVE. An organization can provision a Recovery Agent to enable data decryption if a user’s PVE Rosetta device is lost or stolen. PKI smartcard functionality generates key pairs, store certificates, sign/encrypt email, and enable strong two-factor authentication. Implements Elliptic Curve Cryptography and AES 256 CBC mode. KeyWitness digital signature operations enable strong non-repudiation and protect files from malware propagation. Easy user interface PVE2Go Easy to Use Interface Technical Specifications Operating System Compatibility Windows 10 Preview Windows 8/8.1 Windows 7 Hardware Security SPYRUS Cryptographic Operating System (SPYCOS) File Encryption: AES CBC 256-bit Key Protection: ECDH P-384 and AES CBC 256 Hashing: SHA-384 Rosetta Micro HSM: Series II and/or Series III for FIPS 140-2 Level 3 FIPS PUB 180-4 Secure hash Algorithm Standard FIPS PUB 197 Advanced Encryption Standard SP 800-38A and SP800-38F Modes of Operation SP800-56A Key Establishment Guidelines SP800-90A Random Number Generation SP 800-90A Random Number Generation Product Models PVE Pro installs on Windows 7 or Windows 8 platforms (and Windows 10 after Microsoft releases for General Availability) and encrypts and shares files using Rosetta USB, Rosetta microSDHC, PocketVault USB 3.0, P-3X, WorkSafe, or WorkSafe Pro. PVE2Go is an application that is installed on the WorkSafe Pro Windows live drive or P-3X encrypting USB 3.0 storage drive. For more information about SPYRUS products, visit www.spyrus.com or contact us by email or phone. Corporate Headquarters 1860 Hartog Drive San Jose, CA 95131-2203 +1 (408) 392-9131 phone +1 (408) 392-0319 fax info@SPYRUS.com East Coast Office +1 (732) 329-6006 phone +1 (732) 832-0123 fax UK Office +44 (0) 113 8800494 Australia Office Level 7, 333 Adelaide Street Brisbane QLD 4000, Australia +61 7 3220-1133 phone +61 7 3220-2233 fax www.spyrus.com.au © Copyright 2013-2015 SPYRUS, Inc. All rights reserved. SPYRUS, the SPYRUS logos, Secured by SPYRUS, WorkSafe, Toughboot, SPYRUS Enterprise Management System, and Rosetta are either registered trademarks or trademarks of SPYRUS in the United States and/or other countries. All other trademarks are the property of their respective owners. Patents: http://www.spyrus.com/patent-markings Specifications subject to change without notice. Document number 400-240001-02